Full Disclosure mailing list archives

RE: antivirus s/w


From: "Kevin Cherry" <kevin.cherry () leggett com>
Date: Tue, 27 Jan 2004 13:03:47 -0600

One product you might want to look into is Cisco Security Agent, or CSA.
CSA runs on all NT-class machines and works as a kind of personal
firewall.  It does this through OS behavior monitoring and then reports
any suspicious activity to a centralized console called VMS.  The VMS
console can read the log information leading up to a successful block
and compare that information with that from other CSA agents running on other
machines to determine whether a new rule needs to be generated and pushed out
to the clients to block a new worm or attack that may be active on your
network.  CSA's rules can be customized down to a very detailed level
and provide a proactive approach for combating new viruses and system
compromise attempts, and it does not need any definitions to do so,
because it works by monitoring OS behavior.  CSA will also work in
combination with Cisco VPN concentrators by only allowing machines that
have CSA running to connect to the VPN.  Here are some links for more
info.

http://www.cisco.com/en/US/products/sw/secursw/ps5057/index.html

http://www.cisco.com/en/US/products/sw/cscowork/ps2330/

If I made any mistakes in my description please let me know, as I was only
told this information at a Cisco Security Seminar and I may have forgotten
some things or explained them incorrectly.


Kevin




-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Gadi Evron
Sent: Tuesday, January 27, 2004 5:10 AM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] antivirus s/w

Patrick J Okui wrote:

> Hi all,
>
> (.*flames.*>/dev/null)
>
> 1. I'm trying to decide on an AV solution for a campus wide n/w.
> I'm basically looking for something that'll respond as quick as
> possible to new viruses. I'm currently evaluating NAV, and Fprot.
> Any other suggestions/recommendations?

To install on every workstation or to filter malware from email?


> 2. Fprot have an AV 4 linux/bsd workstations....does this just
> scan for virii from infected winbloze or are there un*x virii i'm
> ignorant about?

A better question would be.. rootkits?

        Gadi Evron




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
